Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Weird Infection possibly reappeared even after Windows Reinstall (Trov


  • This topic is locked This topic is locked

#1
Lola2014

Lola2014

    Member

  • Member
  • PipPip
  • 35 posts

Recently, my computer had been crashing with an error something like POWER_STATE_FAILURE_DRIVER. Around the same time, a bunch of random apps began appearing. I attempted to remove them myself using MalwareBytes and Microsoft Defender. It removed something called Vostran, plus some other stuff that I unfortunately don't remember. There was also a few weird generically named programs in Add/Remove Programs. They appeared to remove easily but I don't think actually removed anything. Additionally, my home page was permanently changed. It seemed like the more stuff I removed the worse things got, with more frequent crashes, etc. Well finally when I thought I had most stuff removed, I could not get on the internet anymore. It kept telling me invalid proxy settings, when I went to change the proxy settings there was a note saying that the settings were managed my the system administrator (this is a home PC). I could uncheck the proxy box but the instant it was closed, the box would be rechecked.

 

At this point, frustrated, I used the Windows 8 feature to reinstall windows. I had it erase all of the files and reinstall windows. Well, I go through the reinstall and setup. Internet explorer is redirecting my home page to some sketchy looking site called Trovi. Which looks like a fake google with sketchy banner ads. I'm worried that this infection is back even after reinstalling windows.

 

 

OTL Log:

OTL logfile created on: 11/17/2014 10:44:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Anjali\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.89 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 68.48% Memory free
9.89 Gb Paging File | 7.55 Gb Available in Paging File | 76.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 185.96 Gb Total Space | 154.20 Gb Free Space | 82.92% Space Free | Partition Type: NTFS
Drive D: | 258.15 Gb Total Space | 258.03 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
 
Computer Name: AnjaliStruss | User Name: Anjali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/17 22:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anjali\Downloads\OTL.exe
PRC - [2012/10/31 12:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/09/06 04:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012/09/01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/08/28 02:56:10 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/27 12:04:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/27 08:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012/08/24 17:17:14 | 000,107,192 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/08/24 17:17:10 | 000,192,000 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/08/22 09:24:28 | 001,559,936 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/08/06 14:56:14 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/06 14:56:12 | 001,126,784 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
PRC - [2012/08/03 16:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/07/30 04:27:58 | 000,193,576 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012/07/24 18:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/07/23 18:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/07/17 16:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/06 11:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/06/27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/05/28 10:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/13 10:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/24 17:17:08 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/09/20 01:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 00:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/19 22:32:59 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/09/19 22:32:58 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/09/19 22:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/19 22:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/09/19 22:30:38 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/30 03:27:00 | 000,030,592 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:64bit: - [2012/07/30 03:26:58 | 000,029,056 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:64bit: - [2012/07/25 19:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 19:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 19:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 19:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 19:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 19:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 19:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 19:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 19:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 19:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 19:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 19:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 19:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 19:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 19:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 19:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/18 12:14:38 | 002,699,568 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/07/18 12:14:16 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/07/18 12:14:04 | 000,627,504 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/07/18 12:13:40 | 000,149,296 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/07/17 00:38:26 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/06/22 06:38:04 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/06/22 06:34:52 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/06/22 06:33:12 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/05/22 12:20:04 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/05/11 05:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/05/11 05:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/05/11 05:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/05/11 05:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/05/11 05:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/05/11 05:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/05/11 05:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/05/02 13:49:44 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/04/20 14:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/03/30 12:54:10 | 000,079,664 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe -- (ExpressCache)
SRV:64bit: - [2012/01/26 13:19:18 | 000,332,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2012/09/20 00:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/09/06 04:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/08/30 18:35:20 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/08/28 02:56:10 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/27 12:04:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/08/27 08:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012/07/30 04:27:58 | 000,193,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012/07/25 19:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/23 18:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/07/17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/06/27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/06/25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/06/14 09:40:08 | 000,828,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0093771416292674mcinst.exe -- (0093771416292674mcinstcleanup)
SRV - [2012/04/13 10:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/10/31 12:10:00 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/09/20 00:31:29 | 000,068,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/09/19 23:55:33 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/09/19 23:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/09/19 23:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/19 23:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/19 23:55:30 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/09/19 23:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/09/19 23:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/19 23:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/19 23:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/09/19 23:03:06 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/09/19 23:03:03 | 000,055,528 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/19 22:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/09/19 22:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/09/01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/30 18:35:08 | 009,000,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/29 08:36:54 | 000,857,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012/08/27 12:04:00 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/08/27 08:48:12 | 000,121,728 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012/08/26 19:11:04 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/08/19 14:53:16 | 004,273,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2012/08/09 19:29:54 | 000,035,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012/08/09 19:29:54 | 000,025,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012/08/09 19:29:52 | 000,188,384 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xHCIPort.sys -- (XHCIPort)
DRV:64bit: - [2012/08/09 19:29:52 | 000,048,096 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2012/08/06 11:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012/08/01 19:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/30 04:27:52 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012/07/25 21:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 21:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 21:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 21:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 21:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 21:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 21:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/25 21:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/25 21:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 21:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 21:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 21:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 21:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 21:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 21:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 21:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 21:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 21:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 21:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 20:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 20:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 20:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 20:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 19:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/25 18:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 18:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 18:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 18:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 18:28:02 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\acpials.sys -- (acpials)
DRV:64bit: - [2012/07/25 18:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/25 18:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 18:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 18:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 18:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 18:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 18:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 18:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 18:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 18:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 18:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 18:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 18:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 18:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 18:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/25 18:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 18:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 18:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 18:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 18:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/24 18:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/07/17 00:39:22 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/07/17 00:39:22 | 000,162,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/07/13 00:50:40 | 000,361,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012/07/13 00:50:40 | 000,064,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevGen.sys -- (DptfDevGen)
DRV:64bit: - [2012/07/13 00:50:38 | 000,107,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2012/07/13 00:50:36 | 000,042,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevFan.sys -- (DptfDevFan)
DRV:64bit: - [2012/07/13 00:50:34 | 000,096,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012/07/13 00:50:32 | 000,228,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012/07/02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/22 06:40:58 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/06/22 06:38:16 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/06/22 06:36:54 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/06/22 06:36:12 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/06/22 06:35:02 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/06/22 06:34:22 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/06/22 06:34:00 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/06/18 11:29:12 | 000,066,712 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2012/06/14 21:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/06/02 06:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/02 06:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 06:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 06:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/06/02 06:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/05/30 19:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/30 12:54:16 | 000,095,024 | ---- | M] (Diskeeper Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\excsd.sys -- (excsd)
DRV:64bit: - [2012/03/30 12:54:16 | 000,023,344 | ---- | M] (Diskeeper Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\excfs.sys -- (excfs)
DRV - [2011/09/07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...29CC007B58=
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014/11/17 22:37:56 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012/07/25 21:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\dptfpolicylpmservicehelper.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7027092D-3DE2-4C42-BEC9-1123BDA7DDAE}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/17 22:43:22 | 000,000,000 | ---D | C] -- C:\Users\Anjali\AppData\Roaming\Macromedia
[2014/11/17 22:41:56 | 000,000,000 | ---D | C] -- C:\Users\Anjali\AppData\Roaming\Intel Corporation
[2014/11/17 22:40:59 | 000,000,000 | ---D | C] -- C:\Users\Anjali\AppData\Roaming\ASUS WebStorage
[2014/11/17 22:40:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/11/17 22:40:18 | 000,000,000 | R--D | C] -- C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/11/17 22:40:18 | 000,000,000 | R--D | C] -- C:\Users\Anjali\Searches
[2014/11/17 22:40:18 | 000,000,000 | R--D | C] -- C:\Users\Anjali\Contacts
[2014/11/17 22:40:18 | 000,000,000 | R--D | C] -- C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/11/17 22:40:18 | 000,000,000 | -H-D | C] -- C:\Users\Anjali\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/11/17 22:39:35 | 000,000,000 | ---D | C] -- C:\Users\Anjali\AppData\Roaming\Adobe
[2014/11/17 22:39:29 | 000,000,000 | R-SD | C] -- C:\Users\Public\Desktop\ASUS
[2014/11/17 22:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView
[2014/11/17 22:37:46 | 000,000,000 | ---D | C] -- C:\Users\Anjali\AppData\Local\VirtualStore
[2014/11/17 22:37:37 | 000,000,000 | ---D | C] -- C:\Users\Anjali\AppData\Local\Packages
[2014/11/17 22:37:36 | 000,000,000 | ---D | C] -- C:\Users\Anjali\AppData\Local\ASUS
[2014/11/17 22:37:35 | 000,000,000 | ---D | C] -- C:\Users\Anjali\AppData\Roaming\Intel
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\AppData\Local\Temporary Internet Files
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\Templates
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\Start Menu
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\SendTo
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\Recent
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\PrintHood
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\NetHood
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\Documents\My Videos
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\Documents\My Pictures
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\Documents\My Music
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\My Documents
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\Local Settings
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\AppData\Local\History
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\Cookies
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\Application Data
[2014/11/17 22:37:25 | 000,000,000 | -HSD | C] -- C:\Users\Anjali\AppData\Local\Application Data
[2014/11/17 22:37:24 | 000,000,000 | --SD | C] -- C:\Users\Anjali\AppData\Roaming\Microsoft
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\Videos
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\Saved Games
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\Pictures
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\Music
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\Links
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\Favorites
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\Downloads
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\Documents
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\Desktop
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/11/17 22:37:24 | 000,000,000 | R--D | C] -- C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/11/17 22:37:24 | 000,000,000 | -H-D | C] -- C:\Users\Anjali\AppData
[2014/11/17 22:37:24 | 000,000,000 | ---D | C] -- C:\Users\Anjali\AppData\Local\Temp
[2014/11/17 22:37:24 | 000,000,000 | ---D | C] -- C:\Users\Anjali\Roaming
[2014/11/17 22:37:24 | 000,000,000 | ---D | C] -- C:\Users\Anjali\AppData\Local\Microsoft
[2014/11/17 22:37:24 | 000,000,000 | ---D | C] -- C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/11/17 22:24:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/11/17 22:18:58 | 000,000,000 | -HSD | C] -- C:\Recovery
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/17 22:42:14 | 000,001,430 | ---- | M] () -- C:\Users\Anjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/17 22:40:52 | 000,000,401 | ---- | M] () -- C:\Users\Anjali\AppData\Roaming\sp_data.sys
[2014/11/17 22:29:05 | 003,877,092 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/11/17 22:29:05 | 000,807,660 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00C.dat
[2014/11/17 22:29:05 | 000,805,584 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00A.dat
[2014/11/17 22:29:05 | 000,727,882 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/11/17 22:29:05 | 000,454,800 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0404.dat
[2014/11/17 22:29:05 | 000,440,480 | ---- | M] () -- C:\WINDOWS\SysNative\prfh0804.dat
[2014/11/17 22:29:05 | 000,165,968 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00A.dat
[2014/11/17 22:29:05 | 000,158,698 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00C.dat
[2014/11/17 22:29:05 | 000,136,228 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/11/17 22:29:05 | 000,136,166 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0804.dat
[2014/11/17 22:29:05 | 000,136,166 | ---- | M] () -- C:\WINDOWS\SysNative\prfc0404.dat
[2014/11/17 22:26:17 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/11/17 22:24:13 | 000,281,088 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/11/17 22:24:00 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/11/17 22:23:56 | 763,002,879 | -HS- | M] () -- C:\hiberfil.sys
 
========== Files Created - No Company Name ==========
 
[2014/11/17 22:42:14 | 000,001,430 | ---- | C] () -- C:\Users\Anjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/17 22:40:50 | 000,000,401 | ---- | C] () -- C:\Users\Anjali\AppData\Roaming\sp_data.sys
[2014/11/17 22:39:35 | 000,001,436 | ---- | C] () -- C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/11/17 22:37:24 | 000,000,352 | ---- | C] () -- C:\Users\Anjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/11/17 22:37:24 | 000,000,334 | ---- | C] () -- C:\Users\Anjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/11/17 22:24:03 | 000,281,088 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/11/17 22:24:00 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2014/11/17 22:23:56 | 763,002,879 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/25 01:57:53 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012/12/25 01:44:52 | 000,004,362 | ---- | C] () -- C:\WINDOWS\SysWow64\dptfinvalidpolicyremover.ini
[2012/12/25 01:44:51 | 000,185,216 | ---- | C] () -- C:\WINDOWS\SysWow64\dptfinvalidpolicyremover.exe
[2012/12/25 01:34:16 | 003,868,852 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012/08/04 17:42:20 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/04 17:42:20 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
 
========== ZeroAccess Check ==========
 
[2012/12/25 01:55:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/09/19 22:32:51 | 019,775,488 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/09/19 21:54:47 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 19:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 19:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 19:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/17 22:40:59 | 000,000,000 | ---D | M] -- C:\Users\Anjali\AppData\Roaming\ASUS WebStorage
 
========== Purity Check ==========
 
 

< End of report >

 

 


  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.


- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

Since you are using Windows 8 I would like you to use a different tool for the scan. Please follow the instructions below.

 

Step#1 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

 


  • 0

#3
Lola2014

Lola2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Thanks Brian for your help. Here are the requested logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2014
Ran by Anjali (administrator) on ANJALISTRUSS on 18-11-2014 18:10:22
Running from C:\Users\Anjali\Desktop
Loaded Profiles: UpdatusUser & Anjali (Available profiles: UpdatusUser & Anjali)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.8516.0_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcupdmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s  RtHDVCpl    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s  kernel32.dll
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1634897016-4028301751-1691334658-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30526056 2014-11-06] (Skype Technologies S.A.)
HKU\S-1-5-21-1634897016-4028301751-1691334658-1002\...\Run: [Google Update] => C:\Users\Anjali\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-18] (Google Inc.)
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [18856 2012-10-02] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll => C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll [17288 2012-10-02] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1634897016-4028301751-1691334658-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...9CC007B58&SSPV=
HKU\S-1-5-21-1634897016-4028301751-1691334658-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&#38;pc=ASU2JS
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&#38;pc=ASU2JS
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&#38;pc=ASU2JS
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...R&#38;pc=ASU2JS
SearchScopes: HKU\S-1-5-21-1634897016-4028301751-1691334658-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1634897016-4028301751-1691334658-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Anjali\AppData\Roaming\Mozilla\Firefox\Profiles\5wxbfm5p.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1634897016-4028301751-1691334658-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Anjali\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1634897016-4028301751-1691334658-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Anjali\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-08-04]

Chrome:
=======
CHR Profile: C:\Users\Anjali\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Anjali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-18]
CHR Extension: (Google Docs) - C:\Users\Anjali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-18]
CHR Extension: (Google Drive) - C:\Users\Anjali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anjali\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-18]
CHR Extension: (YouTube) - C:\Users\Anjali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-18]
CHR Extension: (Google Search) - C:\Users\Anjali\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-18]
CHR Extension: (Google Sheets) - C:\Users\Anjali\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-18]
CHR Extension: (Google Wallet) - C:\Users\Anjali\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-18]
CHR Extension: (Gmail) - C:\Users\Anjali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0314411416339568mcinstcleanup; C:\WINDOWS\TEMP\031441~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 18:10 - 2014-11-18 18:10 - 00022954 _____ () C:\Users\Anjali\Desktop\FRST.txt
2014-11-18 18:10 - 2014-11-18 18:10 - 00000000 ____D () C:\FRST
2014-11-18 18:06 - 2014-11-18 18:06 - 02117120 _____ (Farbar) C:\Users\Anjali\Desktop\FRST64.exe
2014-11-18 14:41 - 2014-11-18 14:41 - 01057976 _____ (Microsoft Corporation) C:\Users\Anjali\Downloads\setupproplusretail.x86.en-us_TX_PR_act_1_(2).exe
2014-11-18 14:30 - 2014-11-18 14:30 - 01057976 _____ (Microsoft Corporation) C:\Users\Anjali\Downloads\setupproplusretail.x86.en-us_TX_PR_act_1_(1).exe
2014-11-18 13:42 - 2014-11-18 17:47 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1634897016-4028301751-1691334658-1002UA.job
2014-11-18 13:42 - 2014-11-18 13:47 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1634897016-4028301751-1691334658-1002Core.job
2014-11-18 13:42 - 2014-11-18 13:42 - 00003886 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1634897016-4028301751-1691334658-1002UA
2014-11-18 13:42 - 2014-11-18 13:42 - 00003506 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1634897016-4028301751-1691334658-1002Core
2014-11-18 13:42 - 2014-11-18 13:42 - 00001221 _____ () C:\Users\Anjali\Desktop\Chromecast.lnk
2014-11-18 13:42 - 2014-11-18 13:42 - 00000000 ____D () C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-11-18 13:30 - 2014-11-18 13:30 - 00880784 _____ (Google Inc.) C:\Users\Anjali\Downloads\chromecastinstaller.exe
2014-11-18 13:29 - 2014-11-18 13:29 - 00880784 _____ (Google Inc.) C:\Users\Anjali\Downloads\ChromeSetup(1).exe
2014-11-18 13:24 - 2014-11-18 13:24 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-18 13:24 - 2014-11-18 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-18 13:23 - 2014-11-18 17:28 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 13:23 - 2014-11-18 13:28 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-18 13:23 - 2014-11-18 13:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-18 13:23 - 2014-11-18 13:23 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-18 13:23 - 2014-11-18 13:23 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-18 13:22 - 2014-11-18 13:42 - 00000000 ____D () C:\Users\Anjali\AppData\Local\Google
2014-11-18 13:22 - 2014-11-18 13:22 - 00880784 _____ (Google Inc.) C:\Users\Anjali\Downloads\ChromeSetup.exe
2014-11-18 12:01 - 2014-11-18 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-18 12:01 - 2014-11-18 12:00 - 00868464 _____ () C:\WINDOWSCalibriLI.tt2
2014-11-18 12:01 - 2014-11-18 12:00 - 00758196 _____ () C:\WINDOWSCalibriL.tt2
2014-11-18 12:00 - 2014-11-18 12:00 - 01382640 _____ () C:\WINDOWSNIRMALA.tt2
2014-11-18 12:00 - 2014-11-18 12:00 - 01334012 _____ () C:\WINDOWSNIRMALAB.tt2
2014-11-18 11:59 - 2014-11-18 14:41 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-18 11:59 - 2014-11-18 11:59 - 01057976 _____ (Microsoft Corporation) C:\Users\Anjali\Downloads\setupproplusretail.x86.en-us_TX_PR_act_1_.exe
2014-11-18 11:58 - 2014-11-18 12:17 - 00000000 ____D () C:\Users\Anjali\Desktop\Finish my case
2014-11-18 11:39 - 2014-11-18 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-18 11:29 - 2014-11-18 11:29 - 00281088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-18 11:22 - 2014-10-29 16:53 - 00713672 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-18 11:22 - 2014-10-29 16:53 - 00106432 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-18 11:08 - 2014-11-18 11:09 - 00821088 _____ () C:\WINDOWS\Minidump\111814-290046-01.dmp
2014-11-18 11:08 - 2014-11-18 11:08 - 855595083 _____ () C:\WINDOWS\MEMORY.DMP
2014-11-18 11:08 - 2014-11-18 11:08 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-18 10:02 - 2014-11-18 10:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-11-18 10:02 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-18 09:56 - 2014-06-10 14:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-11-18 09:56 - 2014-06-10 14:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-11-18 09:47 - 2014-11-18 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-11-18 09:16 - 2013-04-08 21:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-18 09:16 - 2013-04-08 21:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-18 09:16 - 2013-04-08 21:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-18 09:16 - 2013-04-08 21:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2014-11-18 09:16 - 2013-04-08 21:17 - 01829408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-11-18 09:16 - 2013-04-08 21:14 - 01455880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-11-18 09:16 - 2013-04-08 20:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2014-11-18 09:16 - 2013-04-08 20:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2014-11-18 09:16 - 2013-04-08 20:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2014-11-18 09:16 - 2013-04-08 20:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2014-11-18 09:16 - 2013-04-08 20:51 - 13648384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-11-18 09:16 - 2013-04-08 20:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2014-11-18 09:16 - 2013-04-08 20:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-11-18 09:16 - 2013-04-08 20:51 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-11-18 09:16 - 2013-04-08 20:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-11-18 09:16 - 2013-04-08 20:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2014-11-18 09:16 - 2013-04-08 20:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-11-18 09:16 - 2013-04-08 20:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2014-11-18 09:16 - 2013-04-08 20:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-11-18 09:16 - 2013-04-08 20:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2014-11-18 09:16 - 2013-04-08 20:50 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-18 09:16 - 2013-04-08 20:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2014-11-18 09:16 - 2013-04-08 20:49 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-18 09:16 - 2013-04-08 20:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-18 09:16 - 2013-04-08 20:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2014-11-18 09:16 - 2013-04-08 20:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2014-11-18 09:16 - 2013-04-08 20:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2014-11-18 09:16 - 2013-04-08 20:48 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-18 09:16 - 2013-04-08 18:35 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-18 09:16 - 2013-04-08 18:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-11-18 09:16 - 2013-04-08 18:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2014-11-18 09:16 - 2013-04-08 18:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-11-18 09:16 - 2013-04-08 15:39 - 01408896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-11-18 09:16 - 2013-04-08 15:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-18 09:16 - 2013-04-08 15:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-18 09:16 - 2013-04-08 13:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2014-11-18 09:16 - 2013-04-08 13:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2014-11-18 09:16 - 2013-04-08 13:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2014-11-18 09:16 - 2013-04-08 13:51 - 10789888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-11-18 09:16 - 2013-04-08 13:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2014-11-18 09:16 - 2013-04-08 13:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2014-11-18 09:16 - 2013-04-08 13:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2014-11-18 09:16 - 2013-04-08 13:51 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-18 09:16 - 2013-04-08 13:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-11-18 09:16 - 2013-04-08 13:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2014-11-18 09:16 - 2013-04-08 13:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-18 09:16 - 2013-04-04 15:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2014-11-18 09:16 - 2013-04-02 14:08 - 00387688 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-18 09:16 - 2013-03-30 10:16 - 01403784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-11-18 09:16 - 2013-03-30 10:16 - 01267424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-11-18 09:16 - 2013-03-28 14:09 - 01217328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-11-18 09:16 - 2013-03-28 14:09 - 01093880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-11-18 09:16 - 2013-03-15 14:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-11-18 09:16 - 2013-03-15 14:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-11-18 09:15 - 2013-04-08 21:27 - 00284424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-11-18 09:15 - 2013-04-08 21:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2014-11-18 09:15 - 2013-04-08 21:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll
2014-11-18 09:15 - 2013-04-08 20:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2014-11-18 09:15 - 2013-04-08 20:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-11-18 09:15 - 2013-04-08 20:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-11-18 09:15 - 2013-04-08 20:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2014-11-18 09:15 - 2013-04-08 20:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll
2014-11-18 09:15 - 2013-04-08 20:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2014-11-18 09:15 - 2013-04-08 20:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2014-11-18 09:15 - 2013-04-08 20:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2014-11-18 09:15 - 2013-04-08 20:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-11-18 09:15 - 2013-04-08 20:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2014-11-18 09:15 - 2013-04-08 20:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll
2014-11-18 09:15 - 2013-04-08 20:48 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2014-11-18 09:15 - 2013-04-08 20:48 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-18 09:15 - 2013-04-08 18:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2014-11-18 09:15 - 2013-04-08 18:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-11-18 09:15 - 2013-04-08 18:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-11-18 09:15 - 2013-04-08 18:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2014-11-18 09:15 - 2013-04-08 18:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2014-11-18 09:15 - 2013-04-08 15:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2014-11-18 09:15 - 2013-04-08 13:52 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-11-18 09:15 - 2013-04-08 13:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2014-11-18 09:15 - 2013-04-08 13:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-11-18 09:15 - 2013-04-08 13:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2014-11-18 09:15 - 2013-04-08 13:51 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2014-11-18 09:15 - 2013-04-08 13:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-18 09:15 - 2013-04-08 13:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-11-18 09:15 - 2013-04-08 13:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-11-18 09:15 - 2013-04-08 13:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2014-11-18 09:15 - 2013-04-08 13:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2014-11-18 09:15 - 2013-04-08 13:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
2014-11-18 09:15 - 2013-04-08 13:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2014-11-18 09:15 - 2013-04-08 13:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2014-11-18 09:15 - 2013-03-02 02:39 - 00069864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-11-18 09:15 - 2013-02-02 00:40 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsRasterService.dll
2014-11-18 09:15 - 2013-02-02 00:23 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsRasterService.dll
2014-11-18 09:15 - 2013-01-09 17:40 - 00303848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-11-18 09:15 - 2012-11-19 20:54 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidi2c.sys
2014-11-18 09:15 - 2012-11-05 23:33 - 00522640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-18 09:15 - 2012-11-05 21:00 - 00463768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-18 09:15 - 2012-11-05 20:18 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-18 09:15 - 2012-10-10 21:44 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2014-11-18 09:15 - 2012-10-10 21:44 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2014-11-18 09:15 - 2012-10-10 21:06 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2014-11-18 09:15 - 2012-10-10 21:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2014-11-18 09:13 - 2014-11-18 09:13 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-18 09:13 - 2014-11-18 09:13 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-18 09:13 - 2014-11-18 09:13 - 00000000 ____D () C:\Users\Anjali\AppData\Roaming\Mozilla
2014-11-18 09:13 - 2014-11-18 09:13 - 00000000 ____D () C:\Users\Anjali\AppData\Local\Mozilla
2014-11-18 09:13 - 2014-11-18 09:13 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-18 09:13 - 2014-11-18 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-18 09:13 - 2014-11-18 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-18 08:58 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2014-11-18 08:46 - 2014-11-18 18:10 - 00000000 ____D () C:\Users\Anjali\AppData\Roaming\Skype
2014-11-18 08:46 - 2014-11-18 08:46 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-11-18 08:46 - 2014-11-18 08:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-18 08:46 - 2014-11-18 08:46 - 00000000 ____D () C:\Users\Anjali\AppData\Local\Skype
2014-11-18 08:46 - 2014-11-18 08:46 - 00000000 ____D () C:\ProgramData\Skype
2014-11-18 08:46 - 2014-11-18 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-17 23:54 - 2014-08-21 15:56 - 01418752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-17 23:54 - 2014-08-21 15:27 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-17 23:54 - 2012-10-31 20:21 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
2014-11-17 23:54 - 2012-10-31 20:20 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3r.dll
2014-11-17 23:53 - 2013-04-10 22:40 - 06987528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-17 23:53 - 2013-01-28 17:57 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-17 23:53 - 2013-01-28 15:08 - 00230904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-17 23:52 - 2014-10-25 17:56 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-17 23:52 - 2014-10-25 17:56 - 01409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-17 23:52 - 2014-10-25 17:56 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-11-17 23:52 - 2014-10-25 17:56 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-11-17 23:52 - 2014-10-25 17:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-17 23:52 - 2014-10-25 17:55 - 19284480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-17 23:52 - 2014-10-25 17:55 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-17 23:52 - 2014-10-25 17:55 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-17 23:52 - 2014-10-25 17:55 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-17 23:52 - 2014-10-25 17:54 - 15399424 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-17 23:52 - 2014-10-25 17:54 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-17 23:52 - 2014-10-25 17:54 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-17 23:52 - 2014-10-25 17:54 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-17 23:52 - 2014-10-25 17:54 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-17 23:52 - 2014-10-25 17:54 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-17 23:52 - 2014-10-25 17:54 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-17 23:52 - 2014-10-25 17:54 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-17 23:52 - 2014-10-25 17:54 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-17 23:52 - 2014-10-25 17:54 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-17 23:52 - 2014-10-25 17:54 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-17 23:52 - 2014-10-25 17:53 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-17 23:52 - 2014-10-25 16:36 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-17 23:52 - 2014-10-25 16:35 - 14368768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-17 23:52 - 2014-10-25 16:35 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-17 23:52 - 2014-10-25 16:35 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-17 23:52 - 2014-10-25 16:35 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-17 23:52 - 2014-10-25 16:35 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-17 23:52 - 2014-10-25 16:35 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-11-17 23:52 - 2014-10-25 16:34 - 13758464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-17 23:52 - 2014-10-25 16:34 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-17 23:52 - 2014-10-25 16:34 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-17 23:52 - 2014-10-25 16:34 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-17 23:52 - 2014-10-25 16:34 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-17 23:52 - 2014-10-25 16:34 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-17 23:52 - 2014-10-25 16:34 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-17 23:52 - 2014-10-25 16:34 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-17 23:52 - 2014-10-25 16:34 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-17 23:52 - 2014-10-25 16:34 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-17 23:52 - 2014-10-25 16:34 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-17 23:52 - 2014-10-25 16:34 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-17 23:52 - 2014-10-25 16:19 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-11-17 23:52 - 2014-10-25 16:13 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-11-17 23:52 - 2014-10-25 13:48 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-11-17 23:52 - 2014-10-23 04:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-17 23:52 - 2014-10-23 03:04 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-17 23:52 - 2014-06-19 15:35 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-11-17 23:52 - 2014-06-19 14:24 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-11-17 23:50 - 2014-06-05 09:30 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-17 23:49 - 2014-06-05 09:56 - 00112984 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-17 23:49 - 2014-06-05 09:29 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-17 23:49 - 2014-06-05 09:29 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-17 23:49 - 2014-06-05 09:28 - 02306560 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-17 23:49 - 2014-06-05 09:28 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-17 23:49 - 2014-06-05 05:12 - 08857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-17 23:49 - 2014-06-05 05:11 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-17 23:49 - 2014-06-05 05:11 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-17 23:49 - 2014-06-05 05:10 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-17 23:49 - 2014-06-05 05:10 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-17 23:49 - 2013-03-05 22:29 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-17 23:48 - 2013-08-06 21:15 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2014-11-17 23:48 - 2012-11-09 20:23 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-11-17 23:48 - 2012-11-09 20:23 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-11-17 23:48 - 2012-11-09 20:22 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDWebAI.dll
2014-11-17 23:48 - 2012-11-09 20:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmHostAI.dll
2014-11-17 23:48 - 2012-11-09 20:20 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appserverai.dll
2014-11-17 23:48 - 2012-10-31 20:41 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2014-11-17 23:48 - 2012-10-31 20:40 - 02361344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2014-11-17 23:48 - 2012-10-31 20:21 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2014-11-17 23:48 - 2012-10-31 20:20 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2014-11-17 23:47 - 2014-06-06 06:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-11-17 23:47 - 2014-06-06 02:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-11-17 23:47 - 2014-04-03 03:22 - 02233176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-17 23:47 - 2013-03-02 01:59 - 00411880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-17 23:46 - 2013-09-27 19:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2014-11-17 23:46 - 2013-04-02 15:37 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-11-17 23:46 - 2013-04-02 15:37 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdlg.dll
2014-11-17 23:46 - 2013-04-02 15:12 - 01887232 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-11-17 23:46 - 2013-04-02 15:12 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2014-11-17 23:46 - 2012-10-10 23:02 - 01636672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2014-11-17 23:46 - 2012-10-10 21:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2014-11-17 23:46 - 2012-10-10 21:19 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
2014-11-17 23:46 - 2012-10-10 21:18 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2014-11-17 23:45 - 2012-12-12 20:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2014-11-17 23:45 - 2012-12-12 19:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2014-11-17 23:44 - 2014-01-30 16:48 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-11-17 23:44 - 2014-01-30 16:06 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-11-17 23:22 - 2013-10-31 21:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-11-17 23:22 - 2013-10-31 19:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-11-17 23:06 - 2014-05-14 17:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-17 23:06 - 2014-05-14 14:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-17 23:06 - 2014-05-14 14:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-17 23:06 - 2014-05-14 14:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-17 23:06 - 2014-05-14 14:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-11-17 23:05 - 2013-08-15 21:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-17 23:05 - 2012-11-05 20:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-17 23:05 - 2012-11-05 20:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
2014-11-17 23:03 - 2014-11-17 23:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-11-17 23:03 - 2014-11-17 23:03 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-11-17 23:02 - 2014-11-17 23:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-17 22:53 - 2014-11-17 22:53 - 00108700 _____ () C:\Users\Anjali\Downloads\OTL.Txt
2014-11-17 22:53 - 2014-11-17 22:53 - 00041142 _____ () C:\Users\Anjali\Downloads\Extras.Txt
2014-11-17 22:46 - 2014-11-18 13:34 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1634897016-4028301751-1691334658-1002
2014-11-17 22:44 - 2014-11-17 22:44 - 00602112 _____ (OldTimer Tools) C:\Users\Anjali\Downloads\OTL.exe
2014-11-17 22:43 - 2014-11-17 22:43 - 00000000 ____D () C:\Users\Anjali\AppData\Roaming\Macromedia
2014-11-17 22:41 - 2014-11-17 22:41 - 00000000 ____D () C:\Users\Anjali\AppData\Roaming\Intel Corporation
2014-11-17 22:40 - 2014-11-18 11:35 - 00000401 _____ () C:\Users\Anjali\AppData\Roaming\sp_data.sys
2014-11-17 22:40 - 2014-11-17 22:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-11-17 22:40 - 2014-11-17 22:40 - 00000000 ____D () C:\Users\Anjali\AppData\Roaming\ASUS WebStorage
2014-11-17 22:39 - 2014-11-17 22:39 - 00001436 _____ () C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 22:39 - 2014-11-17 22:39 - 00000200 _____ () C:\WINDOWS\FixPatch.log
2014-11-17 22:39 - 2014-11-17 22:39 - 00000000 __RSD () C:\Users\Public\Desktop\ASUS
2014-11-17 22:39 - 2014-11-17 22:39 - 00000000 ____D () C:\Users\Anjali\AppData\Roaming\Adobe
2014-11-17 22:39 - 2014-11-17 22:39 - 00000000 ____D () C:\ProgramData\FolderView
2014-11-17 22:37 - 2014-11-17 22:40 - 00000000 ____D () C:\Users\Anjali
2014-11-17 22:37 - 2014-11-17 22:39 - 00000000 ____D () C:\Users\Anjali\AppData\Local\Packages
2014-11-17 22:37 - 2014-11-17 22:38 - 00000000 ____D () C:\Users\Anjali\AppData\Local\ASUS
2014-11-17 22:37 - 2014-11-17 22:37 - 00000020 ___SH () C:\Users\Anjali\ntuser.ini
2014-11-17 22:37 - 2014-11-17 22:37 - 00000000 ____D () C:\Users\Anjali\AppData\Roaming\Intel
2014-11-17 22:37 - 2014-11-17 22:37 - 00000000 ____D () C:\Users\Anjali\AppData\Local\VirtualStore
2014-11-17 22:37 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-17 22:37 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-17 22:37 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-17 22:37 - 2012-07-26 00:13 - 00000000 ____D () C:\Users\Anjali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-17 22:18 - 2014-11-17 22:18 - 00000000 __SHD () C:\Recovery

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-18 18:00 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-18 13:00 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-18 12:58 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-18 12:12 - 2012-08-04 17:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-18 11:39 - 2012-08-04 17:43 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-18 11:34 - 2012-08-02 00:45 - 00454800 _____ () C:\WINDOWS\system32\prfh0404.dat
2014-11-18 11:34 - 2012-08-02 00:45 - 00136166 _____ () C:\WINDOWS\system32\prfc0404.dat
2014-11-18 11:34 - 2012-08-02 00:40 - 00440480 _____ () C:\WINDOWS\system32\prfh0804.dat
2014-11-18 11:34 - 2012-08-02 00:40 - 00136166 _____ () C:\WINDOWS\system32\prfc0804.dat
2014-11-18 11:34 - 2012-08-02 00:35 - 00805584 _____ () C:\WINDOWS\system32\perfh00A.dat
2014-11-18 11:34 - 2012-08-02 00:35 - 00165968 _____ () C:\WINDOWS\system32\perfc00A.dat
2014-11-18 11:34 - 2012-08-02 00:31 - 00807660 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-11-18 11:34 - 2012-08-02 00:31 - 00158698 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-11-18 11:34 - 2012-07-25 23:28 - 03877092 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-18 11:29 - 2012-12-25 01:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-18 11:29 - 2012-07-25 23:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-18 11:23 - 2012-07-25 21:37 - 00000000 ____D () C:\WINDOWS\servicing
2014-11-18 11:15 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-18 11:13 - 2012-07-25 21:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-18 11:12 - 2012-07-26 00:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-18 11:12 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-18 11:12 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-18 11:12 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-11-18 11:12 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\zh-HK
2014-11-18 11:12 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\zh-HK
2014-11-18 11:12 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-18 11:12 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-18 11:09 - 2012-08-04 17:43 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-18 11:09 - 2012-08-04 17:43 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-11-18 11:08 - 2012-08-01 17:20 - 00004254 _____ () C:\WINDOWS\PFRO.log
2014-11-18 10:03 - 2012-12-25 01:56 - 01179584 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-18 09:59 - 2012-07-25 21:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-11-18 09:24 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-11-18 08:57 - 2012-07-26 00:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-11-18 08:36 - 2012-12-25 01:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-11-18 08:36 - 2012-12-25 01:36 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-11-17 23:04 - 2012-12-25 01:30 - 00000000 ____D () C:\ProgramData\Intel
2014-11-17 23:03 - 2012-12-25 01:38 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-11-17 23:03 - 2012-12-25 01:38 - 00000000 ____D () C:\Program Files\Intel
2014-11-17 23:03 - 2012-12-25 01:30 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-11-17 23:03 - 2012-12-25 01:25 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-11-17 23:02 - 2012-12-25 01:25 - 00000000 ____D () C:\Intel
2014-11-17 23:02 - 2012-07-26 00:12 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-11-17 23:00 - 2012-12-25 01:33 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-17 22:42 - 2012-08-04 17:43 - 00000000 ____D () C:\ProgramData\ChangeFolderView
2014-11-17 22:39 - 2012-08-04 17:42 - 05780160 _____ () C:\WINDOWS\AsDebug.log
2014-11-17 22:39 - 2012-08-04 17:42 - 00885272 _____ () C:\WINDOWS\AsCDProc.log
2014-11-17 22:39 - 2012-08-04 17:37 - 00002513 _____ () C:\WINDOWS\PQArecord.log
2014-11-17 22:39 - 2012-08-01 17:36 - 00000000 ____D () C:\WINDOWS\Log
2014-11-17 22:37 - 2012-07-26 00:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-17 22:18 - 2012-07-26 00:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-01 17:20

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2014
Ran by Anjali at 2014-11-18 18:11:14
Running from C:\Users\Anjali\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
ChromecastApp (HKU\S-1-5-21-1634897016-4028301751-1691334658-1002\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA 3D Vision Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6722 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.105 - Skype Technologies S.A.)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1634897016-4028301751-1691334658-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Anjali\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1634897016-4028301751-1691334658-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Anjali\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

18-11-2014 07:02:15 Intel® PROSet/Wireless Software

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2012-07-25 21:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {30F4518B-4012-4C89-B887-B40C3E5B1F52} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-18] (Microsoft Corporation)
Task: {3C3909D0-2095-4278-98A9-D7A362ADB597} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1634897016-4028301751-1691334658-1002Core => C:\Users\Anjali\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
Task: {45A2D718-C68C-45AF-B722-B0C4D915579D} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {577DD428-74AC-453A-A80A-8EE0C20F111F} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-08-22] (ASUSTeK Computer Inc.)
Task: {67849E7A-DFF5-46C0-B445-06E7A42B77D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
Task: {7532564F-7781-4668-9C6F-0AE0FD78EDCB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {9889D97A-5DD0-493B-A9EC-19D7F528D40D} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {B33EAF77-1830-4D78-9B22-ADBBE4168811} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {B9CD039F-B94C-4527-91AB-F0AB9076FA77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
Task: {BAF58EA9-24E1-42B3-AF31-1C1D784DD357} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-11-18] (Microsoft Corporation)
Task: {D7E73F27-7FCF-44DE-82B9-96F1FCAB3AC2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1634897016-4028301751-1691334658-1002UA => C:\Users\Anjali\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
Task: {F370C268-0222-4BDC-80F1-249399E2FA98} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {F9ED88FB-5D3D-47F5-83F6-62E4C6C240AF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1634897016-4028301751-1691334658-1002Core.job => C:\Users\Anjali\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1634897016-4028301751-1691334658-1002UA.job => C:\Users\Anjali\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-07 23:34 - 2012-07-30 03:26 - 00029056 _____ () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-11-07 23:34 - 2012-07-30 03:27 - 00030592 _____ () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-11-07 23:32 - 2012-08-30 18:35 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-11-18 11:59 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-25 01:38 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-08-24 17:17 - 2012-08-24 17:17 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-11-18 09:13 - 2014-11-13 18:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1634897016-4028301751-1691334658-500 - Administrator - Disabled)
Anjali (S-1-5-21-1634897016-4028301751-1691334658-1002 - Administrator - Enabled) => C:\Users\Anjali
Guest (S-1-5-21-1634897016-4028301751-1691334658-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1634897016-4028301751-1691334658-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-1634897016-4028301751-1691334658-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2014 00:05:07 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Application: firstrun.exe; IdentityType: LiveId; HasToken: 0; AutoOrgId: 0; Roaming: 0; SessionLicensing: 0; LvuxSqm: 0; SppReady: 0; CurrentHr: 0x803d0013; CorrelationId: {83C24889-5AF1-4796-8E2F-04E94E904E00}; OlsErrorCode: 0x9; CurrentProductReleaseId: ProPlusRetail; AllProductReleaseIds (from store): ProPlusRetail

Error: (11/18/2014 00:05:07 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x9; CorrelationId: {83C24889-5AF1-4796-8E2F-04E94E904E00}

Error: (11/18/2014 00:02:00 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Application: firstrun.exe; IdentityType: LiveId; HasToken: 0; AutoOrgId: 0; Roaming: 0; SessionLicensing: 0; LvuxSqm: 0; SppReady: 0; CurrentHr: 0x803d0013; CorrelationId: {83C24889-5AF1-4796-8E2F-04E94E904E00}; OlsErrorCode: 0x9; CurrentProductReleaseId: ProPlusRetail; AllProductReleaseIds (from store): ProPlusRetail

Error: (11/18/2014 00:02:00 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x9; CorrelationId: {83C24889-5AF1-4796-8E2F-04E94E904E00}

Error: (11/18/2014 11:35:13 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (11/18/2014 11:35:13 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (11/18/2014 11:10:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 16.1.0.0, time stamp: 0x521e80f5
Faulting module name: MurocApi.dll, version: 16.1.0.0, time stamp: 0x521e7ff7
Exception code: 0xc0000005
Fault offset: 0x0000000000026570
Faulting process id: 0xa20
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
Faulting package full name: ZeroConfigService.exe4
Faulting package-relative application ID: ZeroConfigService.exe5

Error: (11/18/2014 08:57:16 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1

Error: (11/18/2014 08:57:12 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1

Error: (11/18/2014 08:38:49 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.


System errors:
=============
Error: (11/18/2014 11:14:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
%%1053

Error: (11/18/2014 11:14:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (11/18/2014 11:13:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Rapid Storage Technology service failed to start due to the following error:
%%1053

Error: (11/18/2014 11:13:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.

Error: (11/18/2014 11:13:07 AM) (Source: HTTP) (EventID: 15011) (User: )
Description:

Error: (11/18/2014 11:11:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/18/2014 11:09:22 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000003, 0xfffffa80051a2060, 0xfffff801c11c17e0, 0xfffffa800e80d010)C:\WINDOWS\MEMORY.DMP111814-290046-01

Error: (11/18/2014 11:09:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:56:34 AM on ‎11/‎18/‎2014 was unexpected.

Error: (11/18/2014 08:58:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
%%1

Error: (11/18/2014 08:36:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:47:32 PM on ‎11/‎17/‎2014 was unexpected.


Microsoft Office Sessions:
=========================
Error: (11/18/2014 00:05:07 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Application: firstrun.exe; IdentityType: LiveId; HasToken: 0; AutoOrgId: 0; Roaming: 0; SessionLicensing: 0; LvuxSqm: 0; SppReady: 0; CurrentHr: 0x803d0013; CorrelationId: {83C24889-5AF1-4796-8E2F-04E94E904E00}; OlsErrorCode: 0x9; CurrentProductReleaseId: ProPlusRetail; AllProductReleaseIds (from store): ProPlusRetail

Error: (11/18/2014 00:05:07 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x9; CorrelationId: {83C24889-5AF1-4796-8E2F-04E94E904E00}

Error: (11/18/2014 00:02:00 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Application: firstrun.exe; IdentityType: LiveId; HasToken: 0; AutoOrgId: 0; Roaming: 0; SessionLicensing: 0; LvuxSqm: 0; SppReady: 0; CurrentHr: 0x803d0013; CorrelationId: {83C24889-5AF1-4796-8E2F-04E94E904E00}; OlsErrorCode: 0x9; CurrentProductReleaseId: ProPlusRetail; AllProductReleaseIds (from store): ProPlusRetail

Error: (11/18/2014 00:02:00 PM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x9; CorrelationId: {83C24889-5AF1-4796-8E2F-04E94E904E00}

Error: (11/18/2014 11:35:13 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.

Error: (11/18/2014 11:35:13 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperCreateSharedMemory:  CreateFileMapping() failed.Last error = [0x00000005]

Error: (11/18/2014 11:10:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe16.1.0.0521e80f5MurocApi.dll16.1.0.0521e7ff7c00000050000000000026570a2001d00363336b4793C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll99e7dbfc-6f56-11e4-be79-c4850891b08a

Error: (11/18/2014 08:57:16 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1

Error: (11/18/2014 08:57:12 AM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
Description: 1

Error: (11/18/2014 08:38:49 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: DptfPolicyLpmServiceHelperWinMain:  CreateSharedMemory() failed.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 56%
Total physical RAM: 6029.57 MB
Available physical RAM: 2635.09 MB
Total Pagefile: 12173.57 MB
Available Pagefile: 8222.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:135.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.15 GB) (Free:258.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 01A8A7C0)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, this should fix you up. Let me know how you machine is after these steps.

 

Step#1 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   247bytes   113 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#2 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

 

Items for your next post

1. FRST Fix Log

2. AdwCleaner log

3. How's your machine doing?


  • 0

#5
Lola2014

Lola2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Again, Thank you so much Brian for your help. The computer seems to work fine right now, I do not see those Vosteran or Trovia links in Internet explorer browser right now.  Although before running these scans, my computer did shut down again with the same POWER_STATE_FAILURE_DRIVER. Hopefully, it is totally cleaned now.

 

Below are the requested logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014
Ran by Anjali at 2014-11-20 12:29:55 Run:1
Running from C:\Users\Anjali\Desktop
Loaded Profiles: UpdatusUser & Anjali (Available profiles: UpdatusUser & Anjali)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1634897016-4028301751-1691334658-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...9CC007B58&SSPV=
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
*****************

HKU\S-1-5-21-1634897016-4028301751-1691334658-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 529.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

 

# AdwCleaner v4.101 - Report created 20/11/2014 at 12:41:11
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 8  (64 bits)
# Username : Anjali - ANJALISTRUSS
# Running from : C:\Users\Anjali\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : DptfParticipantProcessorService
Service Deleted : DptfPolicyConfigTDPService

***** [ Files / Folders ] *****

File Deleted : C:\WINDOWS\System32\DptfParticipantProcessorService.exe
File Deleted : C:\WINDOWS\System32\DptfPolicyConfigTDPService.exe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****
 


  • 0

#6
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Sounds good. Let's do one more scan to ensure that there aren't anymore remnants left over.

 

Step#1 - Malwarebytes Scan

 

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • RootKitCheckBox.JPG
     
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 


  • 0

#7
Lola2014

Lola2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Hi Brian,

 

There seems to be one or more potentially unwanted or infectious remnants on the computer, below is the report.

 

Thanks a bunch for helping me out!!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/20/2014
Scan Time: 4:40:03 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.20.09
Rootkit Database: v2014.11.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Anjali

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351059
Time Elapsed: 19 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.DomaIQ, C:\Users\Anjali\Downloads\Unconfirmed 526612.crdownload, Quarantined, [66d9b984dca01026c8e6e579d52b758b],
PUP.Optional.DomaIQ, C:\Users\Anjali\Downloads\Unconfirmed 736861.crdownload, Quarantined, [0738b984106cf244a30bb1adbe422ed2],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#8
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Perfect. Looks like those were quarantined. Are there any other issues that you have?


  • 0

#9
Lola2014

Lola2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Hi Brian,

 

Awesome, thank you so much!!!! I am so relieved that you have fixed my computer. The only issue I am still concerned about is the occasional shutting down of my computer with the error "DRIVER_POWER_STATE_FAILURE".

 

Again, I am very grateful to you!! You guys are awesome!!


Edited by Lola2014, 20 November 2014 - 10:37 PM.

  • 0

#10
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, let's take a look and see if we can resolve your issue. Please follow the steps below.

 

Step#1 - BSOD Log
1. Please download the 64-bit version of Bluescreenview from here and save it to your desktop.
2. Right-click on the downloaded file (bluescreenview-x64.zip) and select Extract All. Click the Extract button and a folder will open with the contents that were extracted.
3. Right-click on BlueScreenView.exe and select Run as administrator. If prompted to Allow, please answer yes.
4. Once the program opens and finishes scanning, click on the Edit menu and choose Select All.
5. Then click on the file menu...Save selected Items...and save it to your desktop named BSOD.txt.
6. Open the BSOD.txt file in notepad (you can simply double-click on the file from the desktop to do this) and copy/paste the contents of this in your next reply.

 

Step#2 - Update Your Drivers

1. Go to your computer manufacturers website (ASUS I believe) and look up your make/model of computer.

2. Download and install all drivers for your computer (especially BIOS, Chipset and Video drivers).

3. Anytime you are prompted to reboot after installing a driver please do.

Note: If you have any issues or questions on this please let me know the make/model of your computer and I can walk you through the process.

 

Let's see if you get the DRIVER_POWER_STATE_FAILURE anymore.

 

 

 

 

Items for your next post

1. BSOD log


  • 0

Advertisements


#11
Lola2014

Lola2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Hi Brian,

 

I hope that your weekend is going well. I will go to ASUS, download and install all drives as you have suggested. BTW my computer model is ASUS ASUX32VDDH71
Zenbook UX32VD-DH71 13.3" Ultrabook Computer (Silver), Mfr # UX32VD-DH71.

 

Below is the BSOD.txt file log.

 

 

==================================================
Dump File         : 112214-267203-01.dmp
Crash Time        : 11/22/2014 12:36:34 PM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`053b8060
Parameter 3       : fffff880`02e8e7f0
Parameter 4       : fffffa80`0cb34be0
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5a540
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.2.9200.16912 (win8_gdr.140502-1507)
Processor         : x64
Crash Address     : ntoskrnl.exe+5a540
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\112214-267203-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9200
Dump File Size    : 819,136
Dump File Time    : 11/22/2014 12:46:04 PM
==================================================

==================================================
Dump File         : 112014-283687-01.dmp
Crash Time        : 11/20/2014 7:41:33 AM
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : fffffa80`05f0b060
Parameter 3       : fffff880`031017f0
Parameter 4       : fffffa80`069368b0
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+5a440
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.2.9200.16912 (win8_gdr.140502-1507)
Processor         : x64
Crash Address     : ntoskrnl.exe+5a440
Stack Address 1   :


  • 0

#12
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

I hope that your weekend is going well.

 

Thank you. You as well. Also thanks for the info on the model that you have. As you likely already found this is the link to the page on ASUS. Ensure you select Windows 8 from the OS drop down.

 

The most important ones to update will be....

 

1. BIOS. Be sure to download the correct version. To find the correct version that you need you can do the following.

     a) Press F2 during boot up and enter BIOS menu. 
     b) Press F12 and pay attention to the right corner of screen. Model name will be displayed here. Please select the BIOS file with the same name on the support site.

 

2. Chipset

3. nVidia Graphics Driver (This is in the VGA category)

4. ExpressCache (within the Utilities section)

5. Intel Rapid Storage Technology Driver (in the Others section)

 

Thanks.


  • 0

#13
Lola2014

Lola2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Hi Brian,

 

I am not able to figure out how to install the drivers, could you please guide me a bit more. I am sorry for being a nuisance! Thank you so much!!


  • 0

#14
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

It would be my pleasure. Let's do just one of them so you can see the process. Let's do the Intel Rapid Storage Technology Driver.

 

1. Click this link to get to the Intel Rapid Storage Technology Driver area. You should see V12.6.0.1033 of the driver.

Capture.JPG

 

2. Click the Global link and save the file to your desktop. If you are using Internet Explorer you will receive a box like the following when clicking on the Global link.

Save%20As.JPG

 

3. Then on your desktop will be a file named IRST_Intel_Win8_64_VER12601033.zip.

4. Right-click on this file and choose Extract All.

5. A dialog box will come up. Keep the defaults and click the Extract button.

6. When it's done extracting you will be looking at the contents of the folder which will look like the following.

Contents.JPG

 

7. Double-click on the file named PNPINST64.exe. You will be asked if you wish to install the driver. Click Yes to install. Reboot when done.

 

Let me know if this is successful. Also, let me know if it clears up your DRIVER_POWER_STATE_FAILURE issue. If it does, there's no need to continue with the others.

 

Thanks.

 

 

 


  • 0

#15
Lola2014

Lola2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Brian,

I followed your instructions but the computer still keeps crashing with the same error :-(. Does it mean that I have to install the other drivers too?

Please let me know. Thank you bunches :-).
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP